BYOD–is it Good, Bad or Ugly from the User Viewpoint?

Bring your own device–or BYOD–is a tech trend that is changing the way many organizations manage technology. In previous posts, we’ve shared some background on our Trust in Computing Research project, and some of the interesting data we’ve uncovered related to the consumerization of IT, and the BYOD trend.

In this post we’re going to take a closer look at the BYOD concept from the perspective of the individual user. BYOD sounds like a great idea, but it may be a case of “be careful what you wish for”. There are many benefits for users who take advantage of the opportunity to use their own devices in a business environment, but there are some potential pitfalls to be aware of as well.

Traditionally, IT admins and corporate IT departments have made decisions about which platforms or devices would be used by employees, and those things were distributed and managed by the IT staff. With BYOD, users are more or less free to use the PC platform, smartphone, tablet, or other gadgets of their own choosing–limited only by whatever BYOD policies are put in place.

Our research found that 67% of people are using personal devices in the workplace today, but only 53% reported having a policy in place explicitly allowing such activity. For 23 percent the response was either that no policy or guidance exists, or they simply aren’t aware of what the policy is, and for almost a quarter (24%) there is a policy in place specifically banning the use of personal devices in the workplace.

Figure 1. Use of own devices in the workplace

At face value, BYOD has the potential to be a win-win proposition. However, depending on how BYOD is implemented and managed it could be a Pandora’s Box.

The Up Side

Lets start by looking at some of the reasons that users are excited to embrace the BYOD movement. Once upon a time most people only had a mobile phone if their employer assigned it to them. But, mobile phones—or more specifically smartphones—have caught on as mainstream consumer devices, and users are now likely to have one of their own.

As noted above, some employers have strict policies banning or limiting the use of the company-owned device for personal calls, so users ended up in a position where they have to carry both devices around (and in security conservative orgs like government departments, this is still frequently the case) . BYOD potentially resolves that issue and enables employees to consolidate both personal and business calls and mobile data access on a single device. In our survey, 68% responded that it is at least somewhat important that they’re able to use personal devices in the workplace. 40% cited it as very important.

Figure 2. How important is it to use your own devices in the workplace?

Why is it so important to users to be able to use their own device? There’s a reason that laptops, smartphones, and tablets come in a myriad of shapes and sizes, running different operating systems, and with different software available: people have unique, subjective opinions about what works and what doesn’t, and it’s infuriating to work with devices you’re not familiar with. Users chose their own device to meet their personal needs, so they’re more comfortable with their personal gadgets than with company-issued technology.

Another common user pet peeve is that organizations take too long to deploy new hardware, operating systems, and applications. BYOD enables users to embrace cutting edge technologies on their own, which reduces frustration and leads to happier employees.

A fringe benefit of happy, satisfied workers is increased productivity. Users who have the freedom to choose the platforms and devices that seem most intuitive to them are able to accomplish basic tasks faster. Users armed with newer technology can work more efficiently than users forced to work with systems they find frustrating or confusing.

The Down Side

It’s not all sunshine and roses, though. There are some tradeoffs and caveats users need to be aware of before engaging in a BYOD program.

The first issue is money. When a company issues a laptop, or mobile phone to an employee, it is understood that the company bought the hardware, and is accepting responsibility for any monthly wireless bills. When the burden for supplying devices shifts to the user, the financial waters can start getting murky.

Many organizations provide some sort of subsidy or monthly allowance to offset the costs. The amount is generally a set rate, which the user can then take and apply toward whatever device they choose. If the employee selects hardware, or monthly service that exceeds the amount allotted from the company, they’re responsible for covering the difference out of their own money.

However, our research found that it’s more common for organizations to allow personal devices, but not subsidize them. Many consider allowing employees to bring their own devices into the work environment is its own reward and don’t feel any obligation to offset those costs.

Figure 3. Organization’s policy on employees buying their own PCs or laptops by audience

Users also need to understand what the policy is for monthly costs incurred with a wireless provider. If there are overages incurred as a result of using the personal device for business—for calling minutes, text messages, or data bandwidth–will the company reimburse for those expenses, or is the user on his or her own? More importantly, how would you determine to what extent the overages are a function of business use?

What about boundaries? When you have separate, company-issued devices you can simply turn them off or walk away during off hours, or when you’re on vacation. But, if you’re using the same device for both personal and business use, it’s easy to blur those lines and have work encroach on your personal time.

Users need a way to maintain a separation between their work day and their personal lives. It varied by audience, but overall we found that more than half of people agree that it’s very important to be able to separate personal and business profiles.

Figure 4. Ability to separate out personal and work profiles on a device by audience

The same concern exists for privacy as well. Merging business and personal data together on a single device raises concerns that the employer may have access to sensitive personal data.

A fair percentage of survey respondents indicated that personal devices allowed to access company resources are managed by IT. That means the IT department has some sort of tool enabling it to monitor and track usage, enforce security policies, or even remotely wipe a device that is lost or stolen.

Conclusion

In this post we analyzed the concept of BYOD from the perspective of the individual user. There are a variety of benefits for users empowered to choose their own platforms and technologies, but those advantages come with some concerns as well.

We found that:

67 percent of people are using personal devices in the workplace whether its officially sanctioned by the organization or not.

More organizations prohibit BYOD than subsidize it.

More than half consider it important to be able to use personal devices at work. A significant number (40%) consider it very important.

In many cases BYOD is allowed by an organization, but not subsidized in any way.

A majority of users consider it very important to be able to separate business and personal profiles for BYOD situations.

Related

About the Author

Principal Cybersecurity Strategist

Jeff Jones a 27-year security industry professional that has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends Read more &raquo